openldap/openldap-nss-delay-token-auth.patch

Mozilla NSS - delay token auth until needed

Resolves: #616552
Upstream: ITS #6595
Author: Rich Megginson <rmeggins@redhat.com>

diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c
--- openldap-2.4.22.old/libraries/libldap/tls_m.c	2010-07-22 09:56:58.984806148 +0200
+++ openldap-2.4.22.new/libraries/libldap/tls_m.c	2010-07-22 09:58:19.030686912 +0200
@@ -930,26 +930,6 @@
 	return rc;
 }
 
-static int
-tlsm_init_tokens( tlsm_ctx *ctx )
-{
-	PK11SlotList *slotList;
-	PK11SlotListElement *listEntry;
-	int rc = 0;
-
-	slotList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL );
-
-	for ( listEntry = PK11_GetFirstSafe( slotList ); !rc && listEntry;
-		  listEntry = PK11_GetNextSafe( slotList, listEntry, PR_FALSE ) ) {
-		PK11SlotInfo *slot = listEntry->slot;
-		rc = tlsm_authenticate_to_slot( ctx, slot );
-	}
-
-	PK11_FreeSlotList( slotList );
-
-	return rc;
-}
-
 static SECStatus
 tlsm_nss_shutdown_cb( void *appData, void *nssData )
 {
@@ -1365,10 +1345,6 @@
 
 		PK11_SetPasswordFunc( tlsm_pin_prompt );
 
-		if ( tlsm_init_tokens( ctx ) ) {
-			return -1;
-		}
-
 		/* register cleanup function */
 		/* delete the old one, if any */
 		NSS_UnregisterShutdown( tlsm_nss_shutdown_cb, NULL );
rebase to 2.4.23 - package rebased - removed embeded db4 - removed patches merged by upstream - removed no longer required patches - merged patches doing manpage changes - merged patches exporting ldif API - reapplied patches and added description to each one - removed unnecessary BuildRequires - cleaned %config, %build and %install sections - updated database upgrade process: - database is exported (slapcat) and reimported (slapadd) when minor version of openldap changes (safe and recomended way) - database is upgraded (db4) when minor version of db4 package changes (this is not done in %post anymore, as the database is not embeded, but using triggers) Resolved: #624616 Bogus links in "SEE ALSO" part of several man-pages Resolved: #625740 openldap-2.4.23 is available 2010-08-24 16:25:50 +00:00			`Mozilla NSS - delay token auth until needed`

			`Resolves: #616552`
			`Upstream: ITS #6595`
			`Author: Rich Megginson <rmeggins@redhat.com>`
Mozilla NSS - delay token auth until needed (#616552) Mozilla NSS - support use of self signed CA certs as server certs (#614545) 2010-07-22 08:11:30 +00:00
			`diff -urNP openldap-2.4.22.old/libraries/libldap/tls_m.c openldap-2.4.22.new/libraries/libldap/tls_m.c`
			`--- openldap-2.4.22.old/libraries/libldap/tls_m.c 2010-07-22 09:56:58.984806148 +0200`
			`+++ openldap-2.4.22.new/libraries/libldap/tls_m.c 2010-07-22 09:58:19.030686912 +0200`
			`@@ -930,26 +930,6 @@`
			`return rc;`
			`}`

			`-static int`
			`-tlsm_init_tokens( tlsm_ctx *ctx )`
			`-{`
			`- PK11SlotList *slotList;`
			`- PK11SlotListElement *listEntry;`
			`- int rc = 0;`
			`-`
			`- slotList = PK11_GetAllTokens( CKM_INVALID_MECHANISM, PR_FALSE, PR_TRUE, NULL );`
			`-`
			`- for ( listEntry = PK11_GetFirstSafe( slotList ); !rc && listEntry;`
			`- listEntry = PK11_GetNextSafe( slotList, listEntry, PR_FALSE ) ) {`
			`- PK11SlotInfo *slot = listEntry->slot;`
			`- rc = tlsm_authenticate_to_slot( ctx, slot );`
			`- }`
			`-`
			`- PK11_FreeSlotList( slotList );`
			`-`
			`- return rc;`
			`-}`
			`-`
			`static SECStatus`
			`tlsm_nss_shutdown_cb( void appData, void nssData )`
			`{`
			`@@ -1365,10 +1345,6 @@`

			`PK11_SetPasswordFunc( tlsm_pin_prompt );`

			`- if ( tlsm_init_tokens( ctx ) ) {`
			`- return -1;`
			`- }`
			`-`
			`/* register cleanup function */`
			`/* delete the old one, if any */`
			`NSS_UnregisterShutdown( tlsm_nss_shutdown_cb, NULL );`